---
id: oauth2-clients
title: Creating OAuth 2.0 Clients
---

You can manage _OAuth 2.0 clients_ using the cli or the HTTP REST API:

- **CLI:** `hydra help clients`
- **REST:** Read the [API Docs](../reference/api.mdx)

## Authorize Code Flow with Refresh Token

The following command creates an OAuth 2.0 Client capable of executing the
Authorize Code Flow, requesting ID and Refresh Tokens and performing the OAuth
2.0 Refresh Grant:

```sh
hydra clients create \
    --endpoint http://ory-hydra:4445 \
    --id client-id \
    --secret client-secret \
    --grant-types authorization_code,refresh_token \
    --response-types code \
    --scope openid,offline \
    --callbacks http://my-app.com/callback,http://my-other-app.com/callback
```

The OAuth 2.0 Client will be allowed to use values `http://my-app.com/callback`
and `http://my-other-app.com/callback` as `redirect_url`.

> It is expected that the OAuth 2.0 Client sends its credentials using HTTP
> Basic Authorization.

If you wish to send credentials in the POST Body, add the following flag to the
command above:

```
    --token-endpoint-auth-method client_secret_post \
```

The same can be achieved by setting
`"token_endpoint_auth_method": "client_secret_post"` in the request body of
`POST /clients` and `PUT /clients/<id>`.

## Client Credentials Flow

A client only capable of performing the Client Credentials Flow can be created
as follows:

```
hydra clients create \
    --endpoint http://ory-hydra:4445 \
    --id my-client \
    --secret secret \
    -g client_credentials
```
